Thanks Duane, I was not aware of that (or if I was, I have forgotten!)
That seems to say that if person A is already a member of one group (and therefore has an account) then person B (a baddie) can, by spoofing the sending address, subscribe person A to arbitrary numbers of other groups.
That would be a seriously worrying security flaw.
This was an address never before presented to groups.io - two emails were received but not as you describe. One was the group welcome message (implying the membership process was complete) and the second was a dual function message:
Subject: Confirm your join-ken-eng@... email address
Body (my italics and links stripped):
Thank you for your interest in the https://KENT-ENG.groups.io/g/all-Kent group at Groups.io. If you did not request or do not want to join all-Kent@KENT-ENG.groups.io, please ignore this message.
If you only want to send and receive messages from all-Kent@KENT-ENG.groups.io, reply to this email to confirm your email address and activate your membership.
Messages will be sent to you at join-ken-eng@...
Send messages to all-Kent@KENT-ENG.groups.io
If you want to use the resources and read messages on the website, please click on the link below to confirm your email address, set up a password, and choose other subscription settings:
The Groups.io Team
If it still represents the actuality then it would be interesting to see. My report concerned an unrestricted group BTW.